Recent commits

New changelog entries:
* networkd: Do not stop ndisc client in case of conf error.
When an NDisc error happens, e.g. in case of a prefix change, do not shut
down the dhcp client. Instead log about it and continue.
Otherwise networkd might fail to renew the DHCPv4 address and lose IPv4
connectivity. (Closes: #930353)

New changelog entries:
* Non-maintainer upload by the Security Team.
* Address memory leak in dispatch_message_real()
In dispatch_message_real() memory allocated by set_iovec_field_free()
is not free()d.
Follow upstream and introduce specific variables cmdline1 and cmdline2
and free() those automatically when dispatch_message_real() returns.
* Correctly allocate core_timestamp on the heap and avoid invalid free()
* Remove unused core* variables in process_kernel()
* Non-maintainer upload by the Security Team.
* journald: do not store the iovec entry for process commandline on stack
(CVE-2018-16864) (Closes: #918841)
* journald: set a limit on the number of fields (1k) (CVE-2018-16865)
(Closes: #918848)
* journal-remote: set a limit on the number of fields in a message
(CVE-2018-16865) (Closes: #918848)
* journal: fix syslog_parse_identifier() (CVE-2018-16866)
* journal: do not remove multiple spaces after identifier in syslog message
(CVE-2018-16866)

New changelog entries:
* core/load-fragment: Add RemoveIPC=
Allow RemoveIPC= to be set in the unit file not only via D-Bus.
(Closes: #892829)
* nspawn: Add missing -E to getopt_long.
The -E alias for --setenv in systemd-nspawn was not working as
documented. This commit fixes that by adding -E to getopt_long.
(Closes: #895798)
* login: Respect --no-wall when cancelling a shutdown request
(Closes: #897938)
[ Cyril Brulebois ]
* networkd-ndisc: Handle missing mtu gracefully.
The previous upload made networkd respect the MTU field in IPv6 RA but
unfortunately broke setups where there's no such field. (Closes: #892794)

New changelog entries:
* hwdb: Use path_join() to generate the hwdb_bin path.
This ensures /lib/udev/hwdb.bin gets the correct SELinux context. Having
double slashes in the path makes selabel_lookup_raw() return the wrong
context. (Closes: #851933)
* selinux: Enable labeling and access checks for unprivileged users.
Revert commit that inadvertently broke a lot of SELinux related
functionality for both unprivileged users and systemd instances running
as MANAGER_USER and instead deal with the auditd issue by checking for
the CAP_AUDIT_WRITE capability before opening an audit netlink socket.
(Closes: #863800)
* Revert "systemd-sysv: Add Conflicts: systemd-shim"
Under certain conditions this confuses Jessies's apt which then tries to
remove systemd while being the active init system, resulting in a failed
dist-upgrade. While this turned out to be a bug in apt, avoid this
situation by dropping the Conflicts. (Closes: #854041)
* link: Fix offload features initialization.
This fixes a regression introduced in v232 which caused TCP
segmentation offloads being disabled by default, resulting in
significant performance issues under certain conditions. (Closes: #864073)

New changelog entries:
[ Michael Biebl ]
* journal: fix up syslog facility when forwarding native messages.
Native journal messages (_TRANSPORT=journal) typically don't have a
syslog facility attached to it. As a result when forwarding the
messages to syslog they ended up with facility 0 (LOG_KERN).
Apply syslog_fixup_facility() so we use LOG_USER instead. (Closes: #837893)
* nspawn: Support ephemeral boots from images (Closes: #858149)
* Exclude test binaries from dh_shlibdeps.
The test binaries in libsystemd-dev require libsystemd-shared which is
shipped in the systemd package. Those test binaries are primarily meant
to be run via autopkgtest. As the libsystemd-dev package is not supposed
to depend on systemd, exclude the tests from dh_shlibdeps and instead
update the autopkgtest dependencies to pull in the systemd package.
(Closes: #859152)
[ Felipe Sateler ]
* Backport patch to make inability to get OS version nonfatal in machinectl.
Otherwise machinectl list breaks when there are libvirt machines
(Closes: #849316)
[ Sjoerd Simons ]
* init-functions: Only call daemon-reload when planning to redirect.
systemctl daemon-reload is a quite a heavy operation, it will re-parse
all configuration and re-run all generators. This should only be done
when strictly needed. (Closes: #861158)